Solved: DAP using LDAP and Cisco Attributes

lm20ele · ‎10-21-2011

I would like to be able to set up a Dynamic Access Policy with the criteria that if all of the following:

cisco.grouppolicy=Sales

ldap.memberOf=Remote_Access

can have specific set of access. My Connection profile is using a Radius server to authenticate and assign the Group Policy.

Is it possible to accomplish this? since it doesn't seem to work for me.

Herbert Baerten · ‎10-24-2011

Hi Luis,

if you want to use LDAP attributes in your DAP policy, then you have to use LDAP for authentication or authorization in your tunnel-group.

So you will either have to replace radius with ldap for authentication, OR keep radius for authentication and add ldap for authorization on top.

hth

Herbert

Herbert Baerten · ‎10-24-2011

Hi Luis,

if you want to use LDAP attributes in your DAP policy, then you have to use LDAP for authentication or authorization in your tunnel-group.

So you will either have to replace radius with ldap for authentication, OR keep radius for authentication and add ldap for authorization on top.

hth

Herbert